Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/S7-TVfrOukkC4mNV_WIM8BJ_EY8.roa
File:                     S7-TVfrOukkC4mNV_WIM8BJ_EY8.roa (raw, json)
Hash identifier:          +bZ/SZN5k+5u/7rISqt0jR7O7ULVWFMJeVgUuo/Pj90=
Subject key identifier:   4B:BF:93:55:FA:CE:BA:49:02:E2:63:55:FD:62:0C:F0:12:7F:11:8F
Certificate issuer:       /CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
Certificate serial:       018EA421A44F93743212EDD6F276742636BB
Authority key identifier: AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/S7-TVfrOukkC4mNV_WIM8BJ_EY8.roa
Signing time:             Wed 03 Apr 2024 13:24:11 +0000
ROA not before:           Wed 03 Apr 2024 13:24:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208861
IP address blocks:        2a09:da00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a4:21:a4:4f:93:74:32:12:ed:d6:f2:76:74:26:36:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
        Validity
            Not Before: Apr  3 13:24:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4bbf9355faceba4902e26355fd620cf0127f118f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:6b:12:31:b1:03:88:77:4d:19:d4:b8:07:68:
                    87:60:1a:74:69:46:5e:0c:a3:a0:b5:a5:d0:03:7d:
                    d2:ec:80:99:97:24:4a:15:03:7e:10:3b:56:c1:58:
                    77:8a:c1:b7:1a:2c:4b:c6:d5:43:64:a9:f5:83:e9:
                    c3:c5:18:1b:58:93:88:e9:d0:b8:bc:58:c4:af:0a:
                    9d:0a:eb:2e:64:0e:ac:ee:9d:b0:f7:e2:d7:a9:28:
                    83:8a:b6:8e:a3:f6:f2:5c:79:85:60:15:82:9c:e3:
                    11:ef:1a:78:1c:6d:32:7d:ea:af:57:05:91:28:92:
                    9b:af:70:a5:1f:c1:2b:84:6c:4c:95:55:3e:06:f7:
                    f2:9a:33:b9:42:b1:35:4a:d2:00:a9:e9:5e:9c:30:
                    60:99:33:bc:58:ac:bc:27:19:45:7e:38:22:7e:17:
                    78:76:8d:eb:93:28:7e:07:48:cb:23:e9:b9:16:f2:
                    ff:d8:76:97:a2:6c:39:3f:e0:30:cf:a8:a6:ee:9b:
                    44:82:50:eb:59:ae:a2:d3:e1:0f:3f:2f:65:a6:a5:
                    0f:c6:e7:80:28:94:18:ec:38:2b:ef:3c:c8:23:89:
                    52:ad:0a:74:3f:02:96:6f:98:63:eb:db:a5:8c:24:
                    35:a5:92:a4:3f:4c:95:56:2b:83:9c:2f:42:98:be:
                    1b:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:BF:93:55:FA:CE:BA:49:02:E2:63:55:FD:62:0C:F0:12:7F:11:8F
            X509v3 Authority Key Identifier:
                keyid:AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/S7-TVfrOukkC4mNV_WIM8BJ_EY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:da00::/29

    Signature Algorithm: sha256WithRSAEncryption
         4b:47:f2:76:40:be:48:70:eb:44:92:37:e3:d9:1a:3a:d3:23:
         a2:3f:46:1b:0c:33:6f:34:a6:ca:4f:d1:00:fa:67:90:a1:3c:
         eb:bc:19:62:3b:3a:cc:f6:bc:c1:21:1a:2c:a5:71:5e:ba:cf:
         83:46:fa:7c:78:4a:02:28:85:ea:c8:ec:c1:2d:95:f7:10:b5:
         67:a4:67:1a:be:98:2c:ff:77:7f:a8:68:4d:e9:d0:49:54:fa:
         76:50:05:4f:e8:69:17:34:cd:99:52:d7:e2:8a:01:ac:64:a7:
         bb:e2:b4:7e:ed:9f:dc:19:78:cd:00:cb:cd:51:e5:c8:ff:4e:
         43:79:73:5e:b5:77:69:e8:97:46:25:02:d7:90:ea:63:09:27:
         be:ca:bd:e8:4f:c8:4a:57:39:dd:d1:8b:72:10:73:bd:a1:84:
         0f:3c:e7:c6:81:6c:03:9b:d5:98:a2:a0:6d:d2:2c:8d:b7:5b:
         c4:52:08:c1:21:ab:6e:f3:61:19:e3:cd:dd:75:1d:6f:5a:d6:
         cb:05:8c:65:5b:2a:85:ea:df:66:a1:8c:26:84:04:13:88:9e:
         d0:e7:c0:34:9d:d8:c0:5b:b8:d5:93:05:47:b1:dc:28:66:5d:
         d2:db:c1:4a:4b:1a:3c:34:60:90:7f:a4:2c:a6:c4:95:8b:9a:
         a2:e8:05:4a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY6kIaRPk3QyEu3W8nZ0Jja7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYTI1YWFmZTNhOTg3MGU5NTI0YWZhMDI2NTk4N2VkNWE1
YTRkYTMwHhcNMjQwNDAzMTMyNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmJmOTM1NWZhY2ViYTQ5MDJlMjYzNTVmZDYyMGNmMDEyN2YxMThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWsSMbEDiHdNGdS4B2iHYBp0aUZe
DKOgtaXQA33S7ICZlyRKFQN+EDtWwVh3isG3GixLxtVDZKn1g+nDxRgbWJOI6dC4
vFjErwqdCusuZA6s7p2w9+LXqSiDiraOo/byXHmFYBWCnOMR7xp4HG0yfeqvVwWR
KJKbr3ClH8ErhGxMlVU+BvfymjO5QrE1StIAqelenDBgmTO8WKy8JxlFfjgifhd4
do3rkyh+B0jLI+m5FvL/2HaXomw5P+Awz6im7ptEglDrWa6i0+EPPy9lpqUPxueA
KJQY7Dgr7zzII4lSrQp0PwKWb5hj69uljCQ1pZKkP0yVViuDnC9CmL4bXwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEu/k1X6zrpJAuJjVf1iDPASfxGPMB8GA1UdIwQY
MBaAFK2iWq/jqYcOlSSvoCZZh+1aWk2jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUt
OWQ1ODc1ZDg2MzczLzEvUzctVFZmck91a2tDNG1OVl9XSU04QkpfRVk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUtOWQ1ODc1ZDg2Mzcz
LzEvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgnaADAN
BgkqhkiG9w0BAQsFAAOCAQEAS0fydkC+SHDrRJI349kaOtMjoj9GGwwzbzSmyk/R
APpnkKE867wZYjs6zPa8wSEaLKVxXrrPg0b6fHhKAiiF6sjswS2V9xC1Z6RnGr6Y
LP93f6hoTenQSVT6dlAFT+hpFzTNmVLX4ooBrGSnu+K0fu2f3Bl4zQDLzVHlyP9O
Q3lzXrV3aeiXRiUC15DqYwknvsq96E/ISlc53dGLchBzvaGEDzznxoFsA5vVmKKg
bdIsjbdbxFIIwSGrbvNhGePN3XUdb1rWywWMZVsqherfZqGMJoQEE4ie0OfANJ3Y
wFu41ZMFR7HcKGZd0tvBSksaPDRgkH+kLKbElYuaougFSg==
-----END CERTIFICATE-----